General

Target: 2024-06-30_f41d951ca062b0ed7b280c8162af5e28_icedid_magniber_sakula
Size: 22.3MB
Sample: 240630-cne4ssscpc
MD5: f41d951ca062b0ed7b280c8162af5e28
SHA1: a1d6309652745d89fcbd17c097ab3bae8c50ac85
SHA256: 842393117b3a156c0b680a0abbbc027e70177a694f88036271b7182adb39a8c5
SHA512: b0d74e4b4eb19c02d8c7d2da88a9a656540ce7329aaf0cb6c7c7b8cd865d57f5c77a65d739663fae2243598413aa53827790c7fabf0cf8af7e22e5b98866a201
SSDEEP: 393216:6Y9mGvCEJi1BEmEC0QuImhIKjWcgjB8IU7oKrZAQMu4G+56d0jSBufcOIlXESZ8i:6YsYCEJi1BEnvQu7vja8IDKrZMu4GwjQ
Static task: static1
Behavioral task: behavioral1
Sample: 2024-06-30_f41d951ca062b0ed7b280c8162af5e28_icedid_magniber_sakula.exe
Resource: win7-20240611-en

Malware Config

Targets
Target: 2024-06-30_f41d951ca062b0ed7b280c8162af5e28_icedid_magniber_sakula (same file as under General; size and hashes listed there)
- Detect Blackmoon payload
- Checks computer location settings: looks up the country code configured in the registry, most likely to geofence execution by region.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the host.

Note that the family names carried in the submitted filename (icedid, magniber, sakula) are not corroborated by any signature on this page; the only family-specific detection that fired is the Blackmoon payload match.
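The behavioural signatures above are the kind of checks a sandbox derives from a process, registry and file trace. The script below is an added example written by the editor; it is not part of this report and is not the sandbox vendor's code. It replays six of the seven signatures (Checks computer location settings, Checks installed software, Drops startup file, Executes dropped EXE, Loads dropped DLL, Deletes itself) over a constructed Procmon-style CSV trace so the logic can be read and tested offline. Assumptions the report does not state: the country-code lookup reads HKCU\Control Panel\International\Geo\Nation (the value behind GetUserGeoID), the software enumeration walks HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and the trace columns follow Procmon's CSV export. The trace rows are constructed for illustration and are not events recorded from this sample; the Blackmoon detection is a static payload match and is not replayed here.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed Procmon-style CSV trace (NOT a capture from the sample in this report).
# Columns follow Procmon's "Save as CSV" layout; Detail strings are abbreviated.
TRACE = r'''Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:00:00.0000000,sample.exe,1234,Process Start,,SUCCESS,"Parent PID: 1000, Command line: ""C:\Users\user\Desktop\sample.exe"""
10:00:01.0000000,sample.exe,1234,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS,"Type: REG_SZ, Length: 8, Data: 244"
10:00:01.0100000,sample.exe,1234,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS,Desired Access: Read
10:00:01.0200000,sample.exe,1234,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS,"Index: 0, Name: 7-Zip"
10:00:01.0300000,sample.exe,1234,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS,"Index: 1, Name: Notepad++"
10:00:02.0000000,sample.exe,1234,CreateFile,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk,SUCCESS,"Desired Access: Generic Write, Disposition: Create"
10:00:02.5000000,sample.exe,1234,CreateFile,C:\Users\user\AppData\Local\Temp\svc.exe,SUCCESS,"Desired Access: Generic Write, Disposition: Create"
10:00:02.6000000,sample.exe,1234,CreateFile,C:\Users\user\AppData\Local\Temp\helper.dll,SUCCESS,"Desired Access: Generic Write, Disposition: Create"
10:00:03.0000000,sample.exe,1234,Process Create,C:\Users\user\AppData\Local\Temp\svc.exe,SUCCESS,"PID: 2345, Command line: ""C:\Users\user\AppData\Local\Temp\svc.exe"""
10:00:03.1000000,svc.exe,2345,Load Image,C:\Users\user\AppData\Local\Temp\helper.dll,SUCCESS,"Image Base: 0x10000000, Image Size: 0x20000"
10:00:04.0000000,sample.exe,1234,Process Create,C:\Windows\System32\cmd.exe,SUCCESS,"PID: 2400, Command line: cmd.exe /c ping 127.0.0.1 -n 3 & del ""C:\Users\user\Desktop\sample.exe"""
'''

# ASSUMPTIONS: the report does not name the registry locations it matched on.
# These are the customary ones: Geo\Nation backs GetUserGeoID(); the Uninstall
# key holds the Add/Remove Programs entries.
GEO_NATION = "\\control panel\\international\\geo\\nation"
UNINSTALL_KEY = "\\software\\microsoft\\windows\\currentversion\\uninstall"
STARTUP_DIR = "\\start menu\\programs\\startup\\"

_CMDLINE = re.compile(r"Command line:\s*(.*)$")
_CHILD_PID = re.compile(r"PID:\s*(\d+)")
_DELETE_VERB = re.compile(r"\b(del|erase)\b", re.IGNORECASE)


def _image_from_cmdline(cmdline):
    """Return the executable path from a command line (quoted or first word)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def parse_trace(text):
    """Parse a Procmon CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def evaluate(rows):
    """Replay the behavioural signatures over the rows; returns {signature: [evidence]}."""
    hits = defaultdict(list)
    images = {}      # pid -> image path, learned from Process Start / Process Create
    dropped = set()  # lower-cased paths opened for writing earlier in the trace
    for row in rows:
        pid, op, path, detail = row["PID"], row["Operation"], row["Path"], row["Detail"]
        lpath = path.lower()
        if op == "Process Start":
            m = _CMDLINE.search(detail)
            if m:
                images[pid] = _image_from_cmdline(m.group(1))
        elif op == "RegQueryValue" and lpath.endswith(GEO_NATION):
            hits["checks_computer_location"].append(path)
        elif op in ("RegOpenKey", "RegEnumKey") and UNINSTALL_KEY in lpath:
            hits["checks_installed_software"].append(f"{op} {path}")
        elif op == "CreateFile" and "generic write" in detail.lower():
            dropped.add(lpath)
            if STARTUP_DIR in lpath:
                hits["drops_startup_file"].append(path)
        elif op == "Process Create":
            child = _CHILD_PID.search(detail)
            if child:
                images[child.group(1)] = path
            if lpath in dropped:  # child image was written by this trace first
                hits["executes_dropped_exe"].append(path)
            m = _CMDLINE.search(detail)
            own = images.get(pid, "").lower()  # image of the process that spawned the child
            if m and own and _DELETE_VERB.search(m.group(1)) and own in m.group(1).lower():
                hits["deletes_itself"].append(m.group(1))
        elif op == "Load Image" and lpath.endswith(".dll") and lpath in dropped:
            hits["loads_dropped_dll"].append(path)
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in evaluate(parse_trace(TRACE)).items():
        print(f"{sig}: {evidence}")
```

The "dropped" bookkeeping is what separates "Executes dropped EXE" and "Loads dropped DLL" from ordinary process creation and image loads: only paths the trace saw opened for writing count. Self-deletion is attributed to the parent by matching the spawning process's own image path inside a del/erase command line, which catches the common cmd.exe /c ping ... & del pattern without needing file-disposition events.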